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efamro  comments: 

The  40th  International  Conference  of  Data  Protection  and  Privacy  Commissioners  (ICDPPC)  was  a 
focal  point  for  EU  data  protection  practitioners  this  week.  The  ICDPPC  is  a  global  forum  of  data 
protection  and  privacy  authorities,  encompassing  more  than  120  members  across  all  continents 
working  on  global  data  protection  policy  issues. 

Apple  CEO  Tim  Cook  delivered  a  keynote  at  the  Conference  praising  Europe's  new  rules  and  calling 
for  comprehensive  federal  data  privacy  regulation  in  the  U.S.  The  conference  also  adopted  several 
resolutions  including  ethics  and  data  protection  in  Artificial  Intelligence.  The  Declaration  on  Ethics 
and  Protection  in  Artificial  Intelligence,  endorsed  several  guiding  principles  as  “core  values”  to  protect 
human  rights  as  the  development  of  artificial  intelligence  continues  apace.  In  line  with  this  the 
ICDPPC  has  established  a  permanent  working  group  on  Ethics  and  Data  Protection  in  Artificial 
Intelligence.  The  UK  Information  Commissioner,  Elizabeth  Denham,  has  been  elected  as  Chair  of  the 
ICDPPC. 

On  the  enforcement  front,  the  European  Data  Protection  Board  (EDPB)  is  dealing  with  162  cross 
border  cases  but  no  fines  have  yet  been  issued.  Facebook  has  been  issued  with  a  maximum  £500,000 
fine  by  ICO  for  serious  breaches  of  data  protection  law  (under  pre-GDPR  protection  law).  The 
European  Parliament  has  also  called  for  a  full  audit  of  Facebook  in  the  wake  of  the  data  breaches. 

Stakeholder  interest  is  also  high  on  the  ePrivacy  dossier  as  the  Council  recommenced  discussions  on 
the  proposed  ePrivacy  Regulation. 
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ePrivacy  Regulation  -  Stakeholder  Statements 

Please  see  below  recent  stakeholder  statements  on  proposal  for  ePrivacy  Regulation: 

•  EDRi  https://edri.org/eprivacv-public-benefit-or-private-surveillance/ 

•  Energy  Coalition  https :  //www.euractiv.com/wp- 
content/uploads/sites/2/2018/10/20181024-Open-Coalition-Letter-on-the-Future-of-the- 

ePrivacv-Regulation.pdf 

•  Business  Europe  https :  /  / www.businesseurope.eu  /publications/eprivacv-proposal-letter- 
markus-i-bevrer-nikolaus-marschik-ambassador-austria-eu 

International  Data  Protection  -  40th  International  Conference  of  Data 
Protection  and  Privacy  Commissioners,  Brussels  -  Speeches  by  EDPS  Giovanni 
Buttarelli  and  Apple  CEO  Tim  Cook 

Please  click  here  to  access  the  speech  by  Giovanni  Buttarelli  at  the  Public  Session  of  the  International 
Conference  of  Data  Protection  and  Privacy  Commissioners  2018,  Debating  Ethics:  Dignity  and 
Respect  in  Data  Driven  Life  ,  Brussels. 

Please  click  here  to  access  the  speech  by  Tim  Cook,  Apple  CEO,  at  the  Public  Session. 


International  Data  Protection  -  40th  International  Conference  of  Data 
Protection  and  Privacy  Commissioners,  Brussels  -  Adopted  Resolutions 

Now  in  its  fortieth  year,  the  ICDPPC  is  the  leading  global  forum  of  data  protection  and  privacy 
authorities,  encompassing  more  than  120  members  across  all  continents.  The  ICDPPC  works 
throughout  the  year  on  global  data  protection  policy  issues,  adopts  resolutions  and  statements 
addressed  to  governments  and  policymakers,  and  arranges  a  highly  successful  annual  conference. 

The  theme  of  this  year's  conference  is  "Debating  Ethics:  Dignity  and  Respect  in  Data  Driven  Life". 

Adopted  Resolutions  can  be  accessed  by  following  the  links  below: 

•  Resolution  on  e-learning  platforms 

•  Declaration  on  Ethics  and  Data  Protection  in  Artificial  Intelligence 

•  Resolution  to  amend  the  ICDPPC  rules  and  procedures 

•  Resolution  on  a  roadmap  on  the  Future  of  the  International  Conference 

•  Resolution  on  Collaboration  between  Data  Protection  Authorities  and  Consumer  Protection 

•  Resolution  on  the  Conference  Census  [  FR] 
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The  opening  speech  of  the  closed  session  of  the  Conference,  by  Isabelle  Falque-Pierrotin,  President  of 
the  Executive  Committee  of  the  ICDPPC,  can  also  be  accessed  here 


International  Data  Protection  -  UK  Information  Commissioner  elected  chair 
of  the  International  Conference  of  Data  Protection  and  Privacy 
Commissioners 

Elizabeth  Denham,  the  UK’s  Information  Commissioner,  has  today  been  elected  Chair  of  the 
International  Conference  of  Data  Protection  and  Privacy  Commissioners  (ICDPPC). 

Now  in  its  fortieth  year,  the  ICDPPC  is  the  leading  global  forum  of  data  protection  and  privacy 
authorities,  encompassing  more  than  120  members  across  all  continents.  The  ICDPPC  works 
throughout  the  year  on  global  data  protection  policy  issues,  adopts  resolutions  and  statements 
addressed  to  governments  and  policymakers,  and  arranges  a  highly  successful  annual  conference. 

On  accepting  her  post,  Elizabeth  Denham  said:  In  the  age  of  borderless  data  flows,  there  has  never 
been  a  more  important  time  for  global  coherence  in  data  protection  and  privacy.  My  vision  for  the 
ICDPPC  is  to  lead  a  decade  of  global  data  protection.  A  decade  when  data  protection  and  privacy  by 
design  become  mainstream  aspects  of  the  digital  economy,  safeguarding  democratic  governance  and 
ensuring  protection  for  society’s  vulnerable  groups,  including  young  people.  The  ICDPPC  is  a  truly 
unique  global  forum,  championing  strong  and  independent  authorities.  Key  to  this  is  ensuring  that 
authorities  can  share  cutting  edge  policy  and  enforcement  experience.  I  am  keen  to  ensure  that 
ICDPPC  can  continue  to  support  our  member  authorities  with  experiences,  strategies  and  best 
practice  that  are  inclusive  of  diverse  legal  frameworks  and  cultural  backgrounds." 


EU Data  Protection  Regulation  -  EDPB  Cross  Border  Cases 

Privacy  Laws  and  Business  reports  that  the  Board’s  Chair  Andrea  Jellinek  announced  that  the 
European  Data  Protection  Board  (EDPB)  has  by  now  162  cross-border  cases  on  its  case  register.  She 
would  not  confirm  when  the  first  large  fines  would  be  issued  -  ‘we  are  investigating’  she  said.  When 
asked  about  a  public  register  of  fines,  she  said  this  would  not  be  possible  unless  the  details  were 
anonymised.  Under  her  native  Austrian  DP  law,  the  authority  has  to  anonymise  any  details  if  they 
publicise  details  of  fines. 

Jellinek  said  that  the  first  five  months  of  the  GDPR  have  been  busy  for  the  authorities.  Some  80,000 
breach  notifications  have  been  received  by  the  25  EU  DPAs  which  have  issued  their  statistics,  and  15 
One  Stop  Shop  procedures  have  been  started  at  the  Board.  In  addition,  there  have  been  233 
procedures  relating  to  Mutual  Assistance  between  the  DPAs. 
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Source:  Privacy  Laws  and  Business 


EU  Data  Protection  -  UK  Information  Commissioner’s  Office  (ICO)  fines 
Facebook 

The  Information  Commissioner's  Office  (ICO)  has  fined  Facebook  £500,000  for  serious  breaches  of 
data  protection  law. 

In  July,  the  ICO  issued  a  Notice  of  Intent  to  fine  Facebook  as  part  of  a  wide  ranging  investigation  into 
the  use  of  data  analytics  for  political  purposes. 

After  considering  representations  from  the  company,  the  ICO  has  issued  the  fine  to  Facebook  and 
confirmed  that  the  amount  -  the  maximum  allowable  under  the  laws  which  applied  at  the  time  the 
incidents  occurred  -  will  remain  unchanged.  The  full  penalty  notice  can  be  read  here  . 

The  ICO's  investigation  found  that  between  2007  and  2014,  Facebook  processed  the  personal 
information  of  users  unfairly  by  allowing  application  developers  access  to  their  information  without 
sufficiently  clear  and  informed  consent,  and  allowing  access  even  if  users  had  not  downloaded  the 
app,  but  were  simply  'friends’  with  people  who  had. 

Facebook  also  failed  to  keep  the  personal  information  secure  because  it  failed  to  make  suitable  checks 
on  apps  and  developers  using  its  platform.  These  failings  meant  one  developer,  Dr  Aleksandr  Kogan 
and  his  company  GSR,  harvested  the  Facebook  data  of  up  to  87  million  people  worldwide,  without 
their  knowledge.  A  subset  of  this  data  was  later  shared  with  other  organisations,  including  SCL  Group, 
the  parent  company  of  Cambridge  Analytica  who  were  involved  in  political  campaigning  in  the  US. 

Even  after  the  misuse  of  the  data  was  discovered  in  December  2015,  Facebook  did  not  do  enough  to 
ensure  those  who  continued  to  hold  it  had  taken  adequate  and  timely  remedial  action,  including 
deletion.  In  the  case  of  SCL  Group,  Facebook  did  not  suspend  the  company  from  its  platform  until 
2018. 

The  ICO  found  that  the  personal  information  of  at  least  one  million  UK  users  was  among  the 
harvested  data  and  consequently  put  at  risk  of  further  misuse. 

Elizabeth  Denham,  Information  Commissioner,  said:  "Facebook  failed  to  sufficiently  protect  the 
privacy  of  its  users  before,  during  and  after  the  unlawful  processing  of  this  data.  A  company  of  its  size 
and  expertise  should  have  known  better  and  it  should  have  done  better." 

This  fine  was  served  under  the  Data  Protection  Act  1998.  It  was  replaced  in  May  by  the  new  Data 
Protection  Act  2018,  alongside  the  EU's  General  Data  Protection  Regulation  .  These  provide  a  range 
of  new  enforcement  tools  for  the  ICO,  including  maximum  fines  of  £17  million  or  4%  of  global 
turnover. 

Ms  Denham  added:"We  considered  these  contraventions  to  be  so  serious  we  imposed  the  maximum 
penalty  under  the  previous  legislation.  The  fine  would  inevitably  have  been  significantly  higher  under 
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the  GDPR.  One  of  our  main  motivations  for  taking  enforcement  action  is  to  drive  meaningful  change 
in  how  organisations  handle  people's  personal  data. 

"Our  work  is  continuing.  There  are  still  bigger  questions  to  be  asked  and  broader  conversations  to  be 
had  about  how  technology  and  democracy  interact  and  whether  the  legal,  ethical  and  regulatory 
frameworks  we  have  in  place  are  adequate  to  protect  the  principles  on  which  our  society  is  based." 

Watch  Elizabeth  Denham  talk  about  the  fine  here. 

A  further  update  on  the  ICO  investigation  into  data  analytics  for  political  purposes  will  be  on  Tuesday 
6  November,  when  Ms  Denham  will  give  evidence  to  the  Department  for  Digital,  Culture,  Media  and 
Sport  (DCMS)  Select  Committee. 

In  July,  the  ICO  published  an  interim  progress  update  on  its  investigation  and  also  published  a 
partner  report,  Democracy  Disrupted?  Personal  information  and  political  influence  looking  at  the 
broader  policy  issues  identified  during  the  investigation  along  with  findings  and  the  Information 
Commissioner's  recommendations  for  future  action. 


EU Data  Protection-  The  use  ofFacebook  users'  data  by  Cambridge  Analytica 

On  October  23,  the  European  Parliament  held  a  debate  in  Plenary  on  the  LIBE  Motion  for  a 
Resolution  to  wind  up  the  debate  on  the  statement  by  the  Commission  on  the  use  of  Facebook  users' 
data  by  Cambridge  Analytica  and  the  impact  on  data  protection. 

During  the  debate,  the  importance  of  ensuring  algorithmic  accountability,  of  upholding  principles 
such  as  transparency,  traceability  and  accountability,  and  of  ensuring  the  integrity  of  European 
electoral  and  democratic  processes  were  emphasised.  The  key  role  -  and  responsibility  -  of  online 
platforms  in  tackling  online  disinformation  was  also  underlined  and  Commissioner  Julian  King 
recalled  that  the  Commission  will  analyse  the  first  results  of  the  Code  of  Practice  by  the  end  of  this 
year.  If  sufficient  progress  is  not  achieved  on  a  voluntary  basis,  the  Commission  reserves  the  right  to 
consider  other  options,  the  Commissioner  remarked. 

Documents:  Agenda  /  Motion  for  a  Resolution  /  Oeil 
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Upcoming  Events 


November  2018 

European  Big  Data  Value  Forum  2018  -  Expert  meeting  —  Focus  on  data  driven 
artificial  intelligence 

12  -14  November  2018,  Vienna 

The  European  Big  Data  Value  Forum  2018  (EBDVF2018)  takes  place  in  the  framework  of  the  Austrian 
Presidency  of  the  Council  of  the  European  Union  and  with  the  active  participation  of  the  host  country 
Austria,  the  European  Commission  and  representatives  of  the  industry.  On  the  first  day,  introductory 
statements  will  be  given  by  Federal  Minister  Norbert  Hofer,  Director  Gail  Kent  (European 
Commission)  and  Mark  Shuttleworth  (founder  of  Ubuntu).  The  first  two  days  will  take  place  in  the 
Austria  Center  Vienna,  where  concrete  examples  of  technical  implementation  in  various  areas  of 
application  will  be  discussed,  as  well  as  current  developments  regarding  regulation  on  a  European 
level  and  framework  conditions  for  future  research  promotion.  On  the  third  day  of  the  event, 
workshops  will  be  organised  in  Siemens  City,  Vienna,  on  the  topics  networking  and  data  ecosystems, 
amongst  others. 

Link:  Programme  of  the  European  Big  Data  Value  Forum  2018  More  information  about  this  event 
can  be  found  on  the  event  page 


#ThinkDigital20i8  -  Unleashing  the  Potential  of  Digitalisation 

22  November  2018,  Egmont  Palace,  Brussels 

ThinkDigital  Summit  is  a  platform  for  industry  to  discuss  game  changers  facing  the  emergence  of  a 
Digital  Single  Market.  Now  in  its  3rd  year,  the  ThinkDigital  Summit  will  look  at  the  following  topics: 

•  Realising  The  Potential  Of  Health  Data 

•  Ethical  And  Social  Implications  Of  Artificial  Intelligence 

•  Fostering  Trust  in  the  Digital  Era 

•  How  Digital  Industry  Can  Achieve  The  Sustainable  Development  Goals? 

Registration 
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January  2019 


CPPD  2019  Data  Protection  and  Democracy 

30  January  to  1st  February  2019,  Brussels,  Belgium 

CPDP  is  an  annual  three-day  conference  devoted  to  privacy  and  data  protection.  The  overarching 
theme  of  the  2019  edition  is  “Data  Protection  and  Democracy”.  The  entwinement  between  data 
analytics  and  democratic  processes  has  been  on  the  spotlight  for  the  better  part  of  the  past  two  years. 


URL:  https://www.cpdpconferences.org/call-for-papers 
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